EP#87 – Chris Ciabarra – The Convergence of Physical & Cyber Security and the Impact to Cyber Security Professionals

As technology advances, there will always be new threats from malicious actors seeking to exploit these advancements — whether that be in the digital realm or physical.

With technologies increasingly blurring the lines between the two, today’s security professionals must adapt as the sectors of physical security and cyber security converge into one.

Today’s guest, Chris Ciabarra, Co-Founder and CTO of Athena Security, is one of the physical security experts leading the charge on this front and he joins the show to share his insights into the inevitable security convergence in our future.

Join us as we discuss:

• Why the lines between physical security and cybersecurity are increasingly blurred
• The technologies Athena Security are advancing in the physical security domain
• How Athena accidentally made a COVID-19 detector 

To hear this episode, and many more like it, you can subscribe to The Virtual CISO Podcast here.

If you don’t use Apple Podcasts, you can find all our episodes here.

Listening on a desktop & can’t see the links? Just search for The Virtual CISO Podcast in your favorite podcast player.

Speaker 1 (00:06):

You are listening to The Virtual CISO Podcast, a frank discussion providing the best information security advice and insights for security, IT, and business leaders. If you’re looking for no BS answers to your biggest security questions or simply want to stay informed and proactive, welcome to the show.

John Verry (00:24):

Hey there, and welcome to yet another episode of The Virtual CISO Podcast. With you, as always, John Verry, your host. And with me today, Chris Ciabarra, and I hope I got the pronunciation of that last name right. Lot of vows. I’m guessing it’s good Irish name, right, Chris?

Chris Ciabarra (00:39):

Italian. Italian.

John Verry (00:41):

Really?

Chris Ciabarra (00:48):

Yeah, yeah. Ciabarra. Ciabarra, hey.

John Verry (00:48):

You know what? I didn’t use my hand, which is why it didn’t sound right. Ciabarra.

Chris Ciabarra (00:51):

Exactly.

John Verry (00:52):

How are you today, man?

Chris Ciabarra (00:54):

Excellent, thanks. It’s a beautiful day here in California.

John Verry (00:57):

Don’t rub it in. It actually is a beautiful day here. I’m looking out the window of my office, and all of the trees are flowering. So we got all of the early tree flowers out, which is cool because finally we’re out of the winter, and we’re towards spring.

Chris Ciabarra (01:08):

Where you at?

John Verry (01:09):

I’m in New Jersey.

Chris Ciabarra (01:10):

Oh, New Jersey. I grew up in Philly.

John Verry (01:12):

Oh, listen. We’re right down towards Philly. Outside of Princeton, if you know that area.

Chris Ciabarra (01:15):

Oh nice.

John Verry (01:15):

So yeah.

Chris Ciabarra (01:16):

Of course.

John Verry (01:16):

Then you know the area. All right. So before we get down to business … Wait. You got me off my game here. Can you tell us a little bit about who you are and what is it that you do every day?

Chris Ciabarra (01:27):

Sure thing. My name is Chris Ciabarra. I’m with the Athena Security CPO co-founder over here. And what I do every day is pretty much either build product features, answer phone calls. It’s a walkthrough metal detector. It allows people to walk through without even knowing it’s there. It’s two poles that you blend into your background. Leave your keys, leave your phone in your pockets. You just walk right through. So it’s the new invention where you don’t have to take anything out of your bags and stuff.

John Verry (01:53):

Hopefully they’re going to get them at the TSA soon because I’m tired of getting naked to get on a plane. But anyway, we’ll drill down a little on the product in a couple minutes here.

Chris Ciabarra (02:02):

Okay.

John Verry (02:03):

Before we get down to business, we always ask, what’s your drink of choice?

Chris Ciabarra (02:06):

Drink choice is actually going to be tequila.

John Verry (02:10):

Ah.

Chris Ciabarra (02:11):

I like wine.

John Verry (02:12):

Based on our preliminary conversation, I thought we were going to say wine. Which tequila? Are you a Sammy Hagar fan? Which way do you go on tequilas?

Chris Ciabarra (02:24):

When I go out, I do Don Julio and Yeyo when I go out and about. But at home, I mean, I forget the name of it. One second. Let me grab it real quick. This stuff is to die for. Can’t even tell the name. It’s this stuff right here. Have you ever seen it? It’s really good.

John Verry (02:41):

You know what? I think I may have actually seen it. So I live across the street from a nut who has 600 bottles. He has a bar in his garage, he’s got two kegs on tap, he’s got two fridges loaded with mic micro craft beers. He’s got 600 bottles of wine in his basement and he’s got 600 bottles of alcohol in the house. And I kid you not, he’s got 100 plus bottles of bourbon, but he’s also a tequila guy. So I’ve drank some really some really good tequilas over there. It’s funny. I tend to drink tequilas when I’m skiing, and I don’t know why, but I mean, that tends to be when I end up with a tequila in my hand.

Chris Ciabarra (03:22):

Nice. Keeps you warm.

John Verry (03:23):

I just got back from Jackson Hole and did indeed have a couple tequilas in my hand at some point. So I did have one question to ask you. So I know you’re out in San Fran, and I know we briefly, before we started recording, you mentioned that you were also a fan of Russian river wines. Any particular ones? Just because that tends to be what we drink as well in our house.

Chris Ciabarra (03:44):

Yeah. I don’t know the name of it, but it is phenomenal. I’ll get back to you on that one.

John Verry (03:47):

All right. So you owe me an email. You owe me an email after the-

Chris Ciabarra (03:49):

You got it.

John Verry (03:51):

All right. So thank you for coming on. We’re in an interesting point in the information security field. We’re seeing a consolidation of areas that used to be different from information security. I’m going to call them neighboring areas. Think privacy, right? Privacy has recently become highly integrated with information security, and now we’re starting to see the same thing with physical security. Again, previously a different domain, but we’re starting to see that integration or what they refer as convergence, and a lot of that’s being driven by the critical infrastructure systems agency, which is responsible for administering the security of the 16 critical information sectors to the US economy. And they recently published what they call the Physical and Cyber Security Convergence Guide. So as a physical security guy, how would you define physical and cyber security convergence?

Chris Ciabarra (04:45):

Sure. So if you look at the two sectors before, it was two different people heading up each, and it just makes sense to combine them together. Why is that? Well, everything is IoT based. Everything has that internet connection these days. So all the physical stuff that didn’t have internet connection years ago now does. So now you have a lot more threats happening, you have a lot more things you have to worry about, and the typical physical infrastructure personnel didn’t have a clue about cyber, right? They didn’t know. They just plugged it in and it worked, whatever. They didn’t worry about the security side.

Well, now that needs to get fixed because there’s a lot of holes in these types of physical environments, physical security products that people aren’t aware of. So that’s why I think they’re combining them because it just makes sense, right? Everything is connecting to the internet now, and everything should be secured properly, and security folks should have control over this kind of stuff, cyber folks.

John Verry (05:33):

Gotcha. Gotcha. And that made me think of an interesting question that I wouldn’t have thought to ask you. Is your device an IoT device?

Chris Ciabarra (05:39):

Oh, absolutely. Yeah. It has to be. So everything that’s … And if an alert goes off, you get an automatic text on your phone. You get the picture of the person on your phone, so everything’s plugged in. Absolutely.

John Verry (05:50):

Gotcha. So that means you have the privilege of dealing with the California SB-386 and all the other fun stuff that’s around IoT security, right?

Chris Ciabarra (05:57):

Yep.

John Verry (05:59):

You got to love those. Got to love the California attorney general. He makes our lives really nice. So other than IoT devices, anything else that you think is driving this idea of physical and cybersecurity convergence?

Chris Ciabarra (06:12):

Well, I think it’s just personnel specialties, right? I think it just makes sense to plug everything on the internet and converge the two groups together.

John Verry (06:21):

Gotcha.

Chris Ciabarra (06:21):

A lot of disconnects before.

John Verry (06:21):

Okay. So yeah. So to that end, so you said some disconnect, so I guess one of the benefits is that we’re closing some of those disconnects. What are some of the other benefits that you would say that this convergence provides?

Chris Ciabarra (06:35):

Well, it depends on what your angle is. I think it’s going to speed up certain things, especially when you’re installing products. You don’t have to go to two different groups for meetings. It’s going to be one group for meetings. It’s going to speed up those types of integrations from third parties and whatnot. It’ll also obviously give companies better security, right? Because before, physical folks, plug it in and it works. They don’t think about the ramifications and the hacks that are in these types of equipment. They’re buying cameras from China. They don’t even realize it. It’s underneath a different name. And guess what? They have back doors in them, and they’re plugging them on their network, and they don’t realize, “Oh, that should be on a separate network that doesn’t touch your internal network.” So I think a lot of that is going to get fixed. A lot less hacks will happen because of it, and it’s the right direction to go, for sure.

John Verry (07:17):

Yeah. And one of the things which I think … I think we’re increasingly recognizing the risk of internet connectivity to IoT devices, but I think what’s cool about the convergence is I don’t think most people recognize that the risk posed by getting proximate to a device is different than the risk posed by connecting to the device across the internet because many of these devices have multiple forms of networking, whether it’s … And they could be wireless. They can be wired. Right? They also have interfaces on them. Right? They might have an RS-232 port. They might have an ethernet jack. Right? So you have this ability to connect to the device directly, So you could have all the outside security in the world that prevents someone from talking to that device, unless it’s talking from a particular data center, but you can get to it.

And then perhaps even more importantly, if I can get to a device and it has any type of a debug interface, or if it’s got any … Perhaps I can get down into the firmware, or if I can physically get to the device and I can open the device up and I can get down to the board level, and I can connect to the board itself, and sometimes you open up a board and you’ll see an SD drive and you can just pop the SD drive out and you’ve got the firmware for the device. You can reverse compile it, change it, put it back in, and hey, now the device is doing something it was never intended to do. So I think that’s a really big advantage.

The other one that increasingly is part of the conversation that I’m having, I don’t know if you’re having the same conversations, but having a unified view of risk across the organization is critical. Right? So all too often, you had the risk from a physical perspective, which uses different thought processes and different methodologies like RAV, if you’re familiar with that. That’s one of the methodologies. You’ve got your information security risk management, which chooses confidentiality, integrity, availabilities, impact criteria, and you’ve got your enterprise risk management, which uses more business type things like impact to operations, legal and reputational risk, things of that nature.

I think the more that we can get to a unified conversation about risk and all assets of risk are being communicated in the same language, the language of the business, I think it just puts us all in a better spot. So I would think that this physical and cyber security convergence really is going to simplify risk management as well. Right?

Chris Ciabarra (09:25):

I totally agree with that. Absolutely. Just like what I was saying before, it’s going to make it more secure, so your risks are going to go down cause you have more control over it.

John Verry (09:32):

Yeah. And then the other thing, too, is that increasingly what we’re seeing is these physical security controls are increasingly becoming an obligation of the information security frameworks that people become certified to. Right? So ISO 27001 is an example. It has a requirement for physical security. So this idea that folks that are managing the information security program are going to have some responsibility for ensuring physical security, that’s another good reason, I think, in terms of integration as well.

Chris Ciabarra (09:59):

Oh, absolutely. And especially with data. Our system can also link down to a USB stick, right? A lot of companies don’t want USB sticks leaving their facilities because obviously that could be information, or we can tailor it to a board. They don’t want these certain boards to leave. There’s certain companies out there that have proprietary information on boards, and they don’t want them to leave their facilities. So yeah, all of that type of physical security definitely needs to be tied in and locked up for less risk.

John Verry (10:24):

Gotcha. Now you are a physical security company. We’re an information security company. So I think our perspectives and our experience are going to be different. So as a physical security company, do you see a lot of convergence actually taking place yet? And if you do, is it a particular market sector? And if so, why is that particular sector more advanced than this?

Chris Ciabarra (10:44):

Yeah. I mean, we deal with every sector, really. Hospitals, churches, universities, you name it, we’ve launched , even casinos. And in some instances you will walk in on the first day, and it is split, and then by the end of the sale, it’s combined. So we ran into that before. I mean, these sales take sometimes six months, these types of things. So I think it’s an ongoing process right now with a lot of companies. Some are slower than others. Some, obviously, already have done this. So it’s just going to be a process. I think in the next four years, everything is going to be converted, and the two … How do you pronounce that? Two sectors are combined, the physical and the cyber.

John Verry (11:19):

Yeah. That’s what we’re saying. And it’s interesting because if you go back only a year ago, so we have a guy who works here, works here, our practices director. He formerly headed up physical security for a global 2000 firm, and he was the person that introduced me this idea. It was only a year ago of physical and cyber, and the organization he worked with actually was converging the two. So I thought that was interesting. Now what was interesting to me as well is one of the core parts of what he did was make sure that people were protected as well, right? So he had-

Chris Ciabarra (11:19):

What did he manage?

John Verry (11:53):

Well, I mean physical security, right?

Chris Ciabarra (11:55):

Oh. [inaudible 00:11:56]

John Verry (11:56):

So yeah. So you think-

Chris Ciabarra (11:57):

I thought you meant their jobs or something.

John Verry (12:00):

Oh. Well, if you get shot, as you could probably tell, you no longer have a job. So yeah, I guess indirectly you’re protecting jobs. But it was interesting to me as we started having these conversations, so my first view of physical and cyber convergence was through him. And I knew he was responsible for events and even for executives traveling into at-risk countries and things of that nature. So I thought physical and cyber convergence also included people. But when I looked at the CISA’s guidance, it wasn’t explicit. And I don’t know about other forms of guidance. So I’m just curious, from your perspective, does CISA’s guidance not calling out people specifically surprise you?

Chris Ciabarra (12:41):

It does because I think their lives, obviously, are a bigger risk than anything else that’s out there. So protecting that, I think, would be number one. Board meetings, we protect. These things are portable, so you can take them anywhere you want, which is awesome when you travel and you need protection. So you should definitely have a solution for meetings, especially board meetings in your facility. And if you’re traveling, you should have some kind of solution that you travel with because you don’t want someone to shoot up the crowd when you’re in the middle of a meeting or something, as people come in, or events.

John Verry (13:12):

Yeah. So in prep for this, you and I had a conversation a couple weeks ago. It did intrigue me. So I started doing some searching for any standards that really related. I didn’t see any. Are you aware of any particular standards that would mandate, as an example, the implementation of a system like yours that detects guns in an entryway or something of that nature?

Chris Ciabarra (13:35):

Sure. I mean, there’s none that we know of. There are standards, obviously, for a detection system, government standards that you have to pass, and which we do pass 100% of. But as far as standards that physically implement ML detector, we haven’t seen those, or I don’t know of them right now.

John Verry (13:51):

That’s interesting. Yeah. Because like you said, “All right, we’re going to protect the IoT devices. The hell with the people.”

Chris Ciabarra (13:55):

That will definitely change soon. I’m sure.

John Verry (14:00):

Yeah. Anyway, so-

Chris Ciabarra (14:03):

That’s a good point, though. We should make one.

John Verry (14:04):

Yeah. Well, listen, if there was a standard, your life would be a lot easier. It’s like, “Hey guys, you don’t have a choice, but to implement this.” So I think you’ve touched on it tangentially, a little bit. Can you dig in a little bit more, talk about your product, exactly how it works, who are the primary customers, users of this, and what is the driver that convinces folks that they need a product of this nature?

Chris Ciabarra (14:30):

Sure thing. The sad part is I’ll start with, “What’s the driver?” Usually when there’s an incident in their area is when everyone wakes up and goes, “Oh boy, we need to do something about this.” I was just in New York at a church. It happened at a church, and all the churches in the neighborhood are getting them. So I think those are the kinds-

John Verry (14:45):

And real quick for you, define an incident. A shooting? Is that what you mean when you say an incident?

Chris Ciabarra (14:52):

An incident is anywhere from finding a weapon to a shooting.

John Verry (14:56):

Okay.

Chris Ciabarra (14:56):

And this happens to be a shooting in New York. It happens. But I mean, hospitals, same thing. ER. One of the gang members, happens all the time. I hear this all the time from the hospitals. Someone comes in the ER from a gang shooting, and all the other gang members come in, and now there’s a shootout in ER from the two gangs because one person is-

John Verry (14:56):

Oof.

Chris Ciabarra (15:11):

Yeah. It’s a nightmare for these hospitals. So that’s the kind of situations you run into. And when that kind of stuff happens, they wake up, “Oh, we need this,” you know? And that’s great for us. Obviously, it’s bad for them. But these companies need to be foreseeing this kind of stuff instead of just waiting for something to happen and then doing something about it, obviously, because these things can be prevented if they had systems in place to protect them and their employees and their guests. So yeah, it varies.

John Verry (15:35):

And then talk a little bit about how the product works. So is this almost like walking through the metal detectors at an airport? Does it look like that?

Chris Ciabarra (15:45):

It’s a little bit different. The visual is just two poles. So you can actually embed these. You can put coverings on them so that you can’t even see them. They fade in the background. A lot of companies are starting to do that, that we work with. We also have an iPad that you can visually see the person going through, and then it gives them a clear or an X, and it texts them. If something happens, it’ll text them on their phone, all the security folks that have the app downloaded, the person’s face, who they are, when they came in, all the information in real-time goes straight to their phone. It’s really easy to convert, to travel with. They’re 35 pounds a pull. So they’re really easy to pick up and place down, and within 60 seconds you could be up and running. It’s a really simple device.

It works with metal, active and passive metal detection, and it has 300 antennas compared to the 30 antennas that [inaudible 00:16:31] metal detectors have, and this allows a system to differentiate between a gun and a cell phone, right? So the old systems, you have to take everything out of your pockets because you can’t differentiate, but now we can differentiate. Now, it’s not perfect. Obviously, if you have a lot of things in your backpack, it might get confused. But for most people, it’ll allow you to have your backpack. You walk through with no problem.

John Verry (16:49):

Gotcha. And these antennas are using what type of … Is it thermal? Is it some type of … What is the mechanism by which you’re actually sensing it?

Chris Ciabarra (17:01):

Sure. So we actually use multiple sensors. One is thermal. We use induction, we use metal detection, and those things. We’re adding more sensors going forward, because people are asking for explosive detection. So we’re adding more sensors going forward, but right now, we only detect the weapons.

John Verry (17:16):

Gotcha.

Chris Ciabarra (17:16):

And guns and machine guns.

John Verry (17:18):

Gotcha. Just out of curiosity, if you were detecting explosives, that would be more chemical?

Chris Ciabarra (17:23):

Correct.

John Verry (17:23):

Chemical detection? Okay. So you’d actually end up with another complete … So you’d end up with more than two or three different forms of detection to detect different types of potential threats.

Chris Ciabarra (17:33):

Exactly. Yeah.

John Verry (17:34):

Gotcha.

Chris Ciabarra (17:35):

Not everybody will want that, but some people are asking for it. So we’re including it.

John Verry (17:39):

Yeah. And then we have one other threat, looking at your website when I was prepping for this, the dreaded CV-19. So you guys also came up with a novel solution to turn your weapons detection into a coronavirus protection system as well. How did that work?

Chris Ciabarra (17:57):

So what happened was we were doing visual light detection when we first started out in 2018 because all the kids were getting shot up on TV, and we decided to come up with that. The gun has to be 60% shown for it to pick up on the camera that you currently have in your facilities. And then COVID hit and we’re like, “Oh boy.” And everyone’s asking for concealed weapons detection, which is where we started with thermal imaging for concealed weapons detection. It was about 60% detected and 40% wasn’t detected, right? It was only accurate 60%. So that wasn’t good enough. And then COVID hit. And we were like, “Why don’t we just use the technology to detect temperatures?” Right?

So that’s why we convert it really quick into temperature detection, and then we went back on the block to get a better concealed weapons detection system, which we just launched a couple months ago, which is 100% effective now, but it also has thermal in it. But that’s why we came up with COVID because we already had that thermal imaging embedded in our software, and we just converted a little bit, got the HSRP, or black reference point, to do the reference point for the heat. And that’s how we got up with the temperature checking. Sorry, I talk too fast sometimes.

John Verry (18:54):

That’s okay. I’m from New York, so-

Chris Ciabarra (18:56):

Okay.

John Verry (18:57):

It’s not too fast for me.

Chris Ciabarra (19:00):

Cool.

John Verry (19:00):

Other people, maybe. So that’s interesting. And I don’t wish bad upon anybody, but I hope you can’t sell these anymore for pandemics because, God bless. I hope these are all in our rear view mirror, man. I am so-

Chris Ciabarra (19:13):

Yeah, I hope so, too.

John Verry (19:14):

… so tired of … Yeah Yeah, it’s funny. Yeah, you’re almost even wishing. It’s like, “Okay, I’ll live with the gun detection. I don’t need the COVID detection anymore.”

Chris Ciabarra (19:21):

Unfortunately, that’s not the case because it keeps evolving. The virus was made to … It just keeps mutating every couple months, so it’s going to be here forever. it looks like, unfortunately.

John Verry (19:33):

Thank you. Thank you, Chris, for ruining my weekend. So who’s your predominant customer right now? Who’s using it most frequently?

Chris Ciabarra (19:46):

Right now the hospitals and the casinos are the biggest customers that we have.

John Verry (19:47):

Yeah. It makes sense. And then I’m assuming, so people go through an entryway. Typically, is there physical security there and there’s a gate and they’re dealing with it at that point, or do we have situations where it’s just notifying somebody, and the person is allowed to enter in and then somebody is … If you do detect a gun, what is the process by which an organization would go and deal with that?

Chris Ciabarra (20:09):

Sure. So it depends on which entryway they enter, right? If have places have 15, 20 different entryways, you’re not going to staff every single entryway. Some people choose to do a choke point and have everyone funnel into one entryway and then go out. Some businesses choose to put a system at every entry point, which allows them to staff their main entry points. But all the side entry points are just with our system in it. And then we can lock the doors, access control. If someone comes in with a weapon, we lock it down, and they wait for someone to go over there and deal with them. We’re also implementing self-controlled systems where we’re going to have turnstile type of forced entry so the turns stall doesn’t open unless they go through the security system and they’re clear.

John Verry (20:52):

Yeah. That one would seem ideal to me because then we don’t even have to deploy somebody else with a gun to deal with a potentially-

Chris Ciabarra (20:59):

Exactly.

John Verry (21:00):

… dangerous situation.

Chris Ciabarra (21:01):

Exactly. Go put your gun back in the car.

John Verry (21:03):

And we keep the dangerous situation outside. Yeah, yeah. We keep it outside of our four walls, which would be nice.

Chris Ciabarra (21:09):

Exactly.

John Verry (21:09):

Cool. Anything we missed or you think we should discuss?

Chris Ciabarra (21:13):

I think I’m good.

John Verry (21:13):

You have an actually great product because it’s so darn simple to explain. Most products are not, and the value proposition is so obvious, and either I know I need it or I don’t think I need it, right? I mean, it’s-

Chris Ciabarra (21:25):

Exactly.

John Verry (21:25):

I’m sure selling is easy. You go in and you’re like, “Do you need this?” “Yes.” “Okay, good.” They understand it intuitively, right?

Chris Ciabarra (21:34):

Exactly. Some places already have them. They’re just the old models and it takes them forever. But you’re right. They’re either going to want it or they’re not going to want it because it’s something they need or don’t think they need.

John Verry (21:43):

Gotcha. And then one last question, just professional curiosity, is there a play for this with TSA and airports? Would it improve the way that they’re doing things?

Chris Ciabarra (21:52):

Sure. It would definitely improve the way they’re doing things. So their current system detects drugs and other things that we don’t do. We only detect weapons. So unless they were willing to give that-

John Verry (21:52):

Ah, gotcha.

Chris Ciabarra (22:01):

Yeah. But the way we are in an airport, and the way we managed to get in there was when you go overseas, a lot of airports overseas, they have control right when you walk in the door for weapons, and then you go to TSA later on. So that’s the way we’re playing it. Like, “Look, why don’t you just scan everyone coming in the airport so they don’t bring weapons in.” What happened in Atlanta a couple months ago, that could have been prevented if they scanned them before they went into TSA. And that’s what this airport’s doing up in Seattle. They’re scanning everybody when they come into the airport, and if they have a weapon, they ask them to go back out to the car. They don’t get penalized.

Right now, obviously, if you go through TSA and you have a weapon, you could get written up, you get a ticket, and then you have a record. So the airports don’t want that to happen to everybody because a lot of people forget that they have a weapon on them. It happens. It happened to me twice. One time I got through. Can’t believe it. The second time they got me. So yeah, it would be nice to have that pre-screening before you actually go into TSA so you don’t get into trouble.

John Verry (22:51):

Yeah. That’s actually a really good idea. I never thought about that. I mean, we’re protecting everyone. That’s at the gate level, but we’re not protecting the people that are checking in our baggage.

Chris Ciabarra (22:59):

Ticketing. Exactly.

John Verry (23:01):

Yeah, exactly. Yeah, the ticketing people are like, “what about us? How come we don’t get the protection? I want to go work down at the gate. You know what I mean? I don’t want to be out here.” All right. So hopefully you;re prepared for my next question. Give me either an amazing or horrible, you could use CISO, physical security director, anyone you want. Give me a fictional character or real-world person you think would make an amazing or horrible CISO, physical security director, and why.

Chris Ciabarra (23:01):

Oh boy. A character?

John Verry (23:30):

Oh, you didn’t prepare. You didn’t read-

Chris Ciabarra (23:32):

I’d have to go with Iron Man. How about that?

John Verry (23:35):

Ah. Which Ironman? Are we talking about Robert Downey Junior?

Chris Ciabarra (23:39):

Yeah, absolutely.

John Verry (23:42):

All right.

Chris Ciabarra (23:42):

Why not?

John Verry (23:43):

All right. But now you’ve got to tell me why.

Chris Ciabarra (23:43):

What other one would you be talking about?

John Verry (23:46):

You know, I-

Chris Ciabarra (23:47):

Oh, because-

John Verry (23:48):

I don’t know. I mean, I’m not a super knowledgeable Marvel guy, but I know there’s been 900 iterations of Batman and there’s been 300 iterations of the Joker. I didn’t know if there’d been multiple iterations of Iron Man.

Chris Ciabarra (24:02):

No, it’s just one that I know at least.

John Verry (24:05):

All right.

Chris Ciabarra (24:05):

He has all the sensors on him, right? He can detect things, concealed weapons. He has different technologies built into the suit. He’d be the perfect security guard, right?

John Verry (24:15):

Plus, he’s pretty cool.

Chris Ciabarra (24:15):

Yeah, exactly. And he’s a big deterrent.

John Verry (24:16):

Yeah, exactly.

Chris Ciabarra (24:20):

And I did read that, actually.

John Verry (24:25):

All right. So if somebody’s interested in getting a touch with you, what’s the best way to do that?

Chris Ciabarra (24:29):

[email protected]. Of course, our website is Athena-security.com, if you want to read more about our product and see what we’re doing.

John Verry (24:36):

Sounds good, man. Well, listen, thank you very much for coming on. And it was a lot of fun.

Chris Ciabarra (24:41):

Absolutely. Same here. Thanks so much.

Speaker 1 (24:44):

You’ve been listening to The Virtual CISO Podcast. As you’ve probably figured out, we really enjoy information security. So if there’s a question we haven’t yet answered or you need some help, you can reach us at [email protected]. And to ensure you never miss an episode, subscribe to the show in your favorite podcast player. Until next time, let’s be careful out there.